Advanced Brute Force Attack Testing Framework
A professional multi-protocol brute force attack testing tool built for security researchers and penetration testers.
Auth Nexus is a powerful brute force attack testing framework designed for security professionals and penetration testers.
It supports multiple protocols such as:
- HTTP / HTTPS
- SSH
- FTP
- SMTP
The tool is designed with high performance asynchronous architecture, smart login detection, automatic CSRF handling, and memory-safe credential streaming.
Auth Nexus provides a modern TUI (Terminal User Interface) for easy configuration and monitoring.
Supports authentication testing for multiple protocols:
- HTTP / HTTPS login forms
- SSH authentication
- FTP authentication
- SMTP authentication
- Automatic username/password field detection
- Automatic CSRF token detection
- Cookie session handling
- Smart redirect analysis
- Asynchronous architecture
- Multi-threaded request handling
- High RPS processing
- Optimized network operations
Large credential lists can be used safely.
Example:
rockyou.txt (140MB+)
The tool reads credentials line-by-line instead of loading everything into memory.
Auth Nexus supports:
- HTTP proxies
- SOCKS4 / SOCKS5 proxies
- Randomized requests
- Delay control
- Stealth headers
Modern terminal interface with:
- live logs
- progress tracking
- RPS monitoring
- ETA calculation
- valid credential display
- Python 3.10+
- Linux / Termux / macOS
pkg update && pkg upgrade
pkg install clang libxml2 libxslt libiconv -y
pkg install binutils rust build-essential -y
pkg install python-lxml -y
pkg install python-cryptography -y
pkg install python3 -y
pkg install git -y
git clone https://github.com/TEAMBCS/AUTH-NEXUS.git
cd AUTH-NEXUS
chmod +x *
chmod 777 *
pip install -r auth-nexus.txt
python3 auth-nexus.pyWordForge is a powerful built-in wordlist generator designed for creating custom password lists with high flexibility and performance. It allows you to generate targeted wordlists based on specific character sets and length ranges.
- π€ Custom Character Set (A-Z, a-z, 0-9, symbols or custom input)
- π Adjustable Length Range (min β max)
- π Real-time Combination & Size Estimation
- π High-Speed Async Generation Engine
- πΎ Auto-save to
list/<filename>.txt - βΉ Stop Generation Anytime
- π Auto Integration with Main Tool (User/Pass List)
- Open WordForge from the main menu.
- Enter your desired character set.
- Set minimum and maximum length.
- Click Calculate to estimate:
- Total combinations
- File size
- Click Generate to start creating the wordlist.
Charset: abc123
Length: 1 β 3
Generated output:
a
b
c
1
2
3
aa
ab
ac
...
- Large charset + high length = huge file size
- Avoid generating more than 100M+ combinations unless ΰ€ΰ€΅ΰ€Άΰ₯ΰ€―ΰ€
- Storage and time consumption may increase significantly
list/<your_filename>.txt
After generation, you can:
- π Use as Password List
- π€ Use as Username List
- ππ€ Use for Both
Use smaller, targeted wordlists for better performance instead of massive random lists.
β‘ WordForge is optimized for speed, stability, and seamless integration with the attack engine.
Auth Nexus supports three major credential attack strategies.
Tests every username with every password
Example
User1 : Pass1
User1 : Pass2
User1 : Pass3
User2 : Pass1
User2 : Pass2
User2 : Pass3
Best for:
Multiple usernames Γ password list
Runs username and password lists in parallel
Example
User1 : Pass1
User2 : Pass2
User3 : Pass3
Best for:
Paired credential lists
Uses the same value for both username and password
Example
admin : admin
test : test
user : user
Best for:
Default credential testing
Target can be provided as:
Single URL
http://target.com/login
Or URL list
targets.txt
Example formats:
http://site.com/login
ssh://192.168.1.10:22
ftp://127.0.0.1:21
smtp://mail.server.com:587
Auth Nexus supports both single credentials and wordlists.
Single credential:
User : admin
Pass : password123
Credential lists:
users.txt
passwords.txt
Example login form configuration:
/login:user=^USER^&pass=^PASS^:F=Invalid or /login:user=^USER^&pass=^PASS^:S=Success
Explanation
| Part | Meaning |
|---|---|
| /login | form path |
| ^USER^ | username placeholder |
| ^PASS^ | password placeholder |
| F=Invalid | failure message |
| S=Success | success meassage |
Examples :β€
Cpanel : /login/:user=^USER^&pass=^PASS^:F=invalid
Wp : /wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid username
The Auto Param system analyzes the target request and automatically extracts possible authentication parameters such as:
β’ username fields
β’ password fields
β’ token parameters
β’ login form inputs
This helps speed up authentication testing without requiring manual parameter configuration.
Auth Nexus allows advanced success and failure detection using:
β’ HTTP status code
β’ Response text matching
β’ Regular expressions (Regex)
This helps the engine accurately detect whether an authentication attempt succeeded or failed.
You can define success indicators using plain text or regex.
Examples: "status"\s*:\s*"success", Login successful\. Redirecting, (?i)(logout|dashboard|welcome)
Define failure patterns to improve accuracy.
Examples: (?i)(error|wrong|incorrect), (?i)invalid
β’ Success patterns are checked first
β’ Failure patterns override success when matched
β’ Case-insensitive matching supported with (?i)
β’ Supports both plain text and regex patterns
This system improves detection accuracy for complex authentication responses.
Auth Nexus
β
βββ Engine
β βββ HTTP Module
β βββ SSH Module
β βββ FTP Module
β βββ SMTP Module
β
βββ Smart Detection
β βββ Parameter Detection
β βββ CSRF Detection
β βββ Cookie Handling
β
βββ Credential System
β βββ Wordlist Streaming
β βββ Cluster Bomb
β βββ Pitchfork
β βββ Battering Ram
β
βββ WordForge βοΈ
β βββ Custom Charset Builder
β βββ Length Range Control
β βββ Combination Estimation
β βββ High-Speed Generator
β βββ File Output (list/)
β βββ Auto Integration (User/Pass List)
β
βββ Networking
β βββ Async Requests
β βββ Proxy Support
β βββ Retry System
β
βββ Interface
βββ TUI Dashboard
βββ Live Logs
βββ Progress Tracking
βββ Results Display
Auth Nexus provides real-time attack statistics:
| Metric | Description |
|---|---|
| Attempts | Total attempts |
| RPS | Requests per second |
| ETA | Estimated time remaining |
| Hits | Valid credentials found |
AUTH-NEXUS
β
βββ auth-nexus.py #main tool
βββ auth-nexus.txt #requirements
βββ auth-nexus-ua.json #User agent list
βββ passlist.txt #A common password list
βββ README.md
β
βββ Image
| βββ auth-nexus-v2.0-2.jpg #Tool Image
| βββ auth-nexus-v2.0-1.jpg #Tool image
| βββ auth-nexus-v2.0-3.jpg #wordforge image
β βββ auth-nexus-logo.png #logo image
β
βββ AUTH-NEXUS-CSS
| βββ WordForgeScreen.css #wordforge css
| βββ UI.css #main UI css
| βββ about.css #about info css
β βββ attack-ui.css #attack panel ui css
β βββ app.css #app css
β
βββ output
βββ success.txt
Β Β
Β Β
Edit CSS Code as your wish.
If you found textual library install problem in kali linux machines or debian machines
- use
pip install textual --break-system-packages --ignore-installed pygments
If you found any problem to install cryptography Library in Termux
- use
export ANDROID_API_LEVEL=24
This tool is developed for:
- Cybersecurity research
- penetration testing
- authorized security assessments
Unauthorized usage against systems without permission is illegal.
Owner : TEAM BCS
Developer : BLACK ZER0
This project is licensed under the GNU General Public License v3.0 (GPLv3).
Licensed under the GNU General Public License v3.0 (GPLv3).
This license allows users to use, modify and distribute the software,
but any modified version must also be released under the same GPLv3 license.
If you like the project consider giving a star on GitHub.
Stay secure.
Stay ethical.